CodeGuardian

Network hacks, data breaches, information theft, ransomware, and other malicious network attacks are on the rise – and so is concern for overall cyber security strategy. Nearly one million malware threats are released worldwide every day, and it takes an average of 46 days to resolve a malicious attack, threatening critical operations, organizational reputations, and even the financial viability of many companies. Given the potential repercussions surrounding cyber attacks, it is imperative that organizations deploy a proactive, defense-in-depth strategy that addresses all layers of the network.

LGS Innovations recognizes the importance of software integrity as a component of the larger security ecosystem. With a dedication to the evolution of enterprise support born from extensive experience deploying secure, mission-critical switching solutions, LGS Innovations offers CodeGuardian™: a solution that hardens devices at both the software source code and binary executable levels to enhance overall cyber security.

Staying Secure in an Evolving Environment

Modern day network-centric devices are customized embedded computers, and the software running on them is not protected by traditional IT security mechanisms such as end-point protection. This leaves network environments susceptible to the introduction of malware and other attacks, potentially causing:

While the industry’s growing reliance on a global software production process has raised questions about the software chain of custody and potential vulnerabilities introduced along the chain, CodeGuardian protects devices from intrinsic vulnerabilities, code exploits, embedded malware, and potential back doors that could compromise mission-critical operations. CodeGuardian promotes a proactive, defense-in-depth approach toward cyber security that continuously defines and implements value-add capabilities to address both current and future threats.

Independent Verification and Validation (IV&V) and Analysis of Source Code

Software vulnerabilities: bugs and flaws contained in software, recommended and default system configuration, processes/best practices, and system documentation.

System exploits: concepts or code that take advantage of vulnerabilities to gain initial access to the operations of a system.

Embedded malware: code loaded onto a system to inflict damage, collect data, change the functioning of the system, or launch attacks at other systems.

Back doors in software: code intentionally designed into a system that bypasses normal authentication checks in order to give access or control. Examples include field debugging capabilities, secret key strokes, special login sequences, or hidden login user IDs

CodeGuardian technology also implements software diversification to randomize the executable program address space so that various instances of the same software, while functionally identical, are arranged differently on the binary level, making any address-dependent exploits ineffective on other diversified instances of the software. This prevents attackers from:

Gaining access to information (data theft)

Performing unauthorized actions or commands (privilege escalation)

Preventing routine operation of a system (e.g. Denial-of-Service (DoS))

In order to perform an exploit against a target, an attacker will typically take advantage of a vulnerability in a system, which often requires knowledge of the underlying address layout of an
application. CodeGuardian’s diversification process mitigates this risk by analyzing and modifying the position of application components, thereby reducing the effectiveness of attacks based on the address layout of a standard, non-diversified version of the software. CodeGuardian also implements best-practice defenses including ASLR, function fortification, and stack protection.

Assured Supply Chain

To help ensure a secure software supply chain, CodeGuardian maintains a secure lab environment with an air-gapped network and restricted access. The secure lab has a complete build environment with source control, toolchain, build machines, and testing facility. The secure lab environment ensures the software that goes through the CodeGuardian analysis process is the
same software delivered unaltered to the end customer through LGS distribution channels.

Alcatel-Lucent Enterprise (ALE) is committed to delivering the most secure software solutions within their switching equipment, and has integrated LGS’ CodeGuardian technology in their software development and delivery processes in order to protect against concerns at the switching level.

The Alcatel-Lucent Enterprise OmniSwitch family of products is changing the way government and commercial organizations work and communicate. Encompassing the most advanced line of switching and routing platforms that are supported by a single ALE operating system (AOS), the same feature set, and the same network management tool (OmniVista®), the OmniSwitch line meets the most stringent and mission critical networking requirements for a network’s access, distribution, and core layers.

The OmniSwitch line offers innovative capabilities, including embedded analytics, access management software integration, and Unified Access, through a converged wired and wireless management platform. The ALE Data Center Switching Infrastructure solution received a rating of “Very Strong” by industry analyst firm Current Analysis. Key strengths of the solution include:

Low total cost of ownership: The OmniSwitch family of stackable and modular switches is future-proofed with the ability to upgrade to higher-speed interfaces via software without replacing existing hardware.

Smart analytics: Integrated technology provides a wide range of in-depth network information such as visibility of network flows and bandwidth used by each application. This gives IT administrators an understanding of how the network is being used and helps fine-tune its operation so policy-based controls can be configured based on user, device, and application, to enforce prioritization, QoS, and security at the edge of the network.

Application Fluent Network (AFN): Intelligent network that provides an optimized experience based on an architecture that supports unified access, virtualization, resiliency, and security, with policy-driven control automation, and leverages smart analytics and streamlined operations with intelligent fabric, a common OS, and energy efficient technology.

Our company is a leading provider of enterprise communications solutions and services, from the office to the cloud, marketed under the Alcatel-Lucent Enterprise brand. Building on our established heritage of innovation and entrepreneurial spirit, we operate globally with 2700+ employees in 100+ countries worldwide, with headquarters near Paris, France.

With communications, networking, and cloud solutions for business of all sizes, our team of technology experts, service professionals, and 2900+ partners serves more than 830,000 customers worldwide, tailoring and adapting our solutions and services to local requirements. This provides tangible business outcomes through personalized connected experiences for customers and end users.